CVE-2021-43400 patch potentially introduces timeout on Chrc WriteValue

Hello,

I am maintaining a custom embedded Linux (v5.4) with BlueZ 5.50 and a
GATT application that runs on top of BlueZ DBus. We are interested in
applying the patch for CVE-2021-43400. Based on the original patch* I
have created another one for BlueZ 5.50; this produces a reproducible
timeout every time I write into a GATT characteristic (sometimes the
first write is successful, but all of the subsequent ones fail with
-110 error).

I tried 5.62 (where the patch is included already) and the same
behaviour happened.
I tried 5.61 without the patch and there was no problem with the
WriteValue; when I applied the original patch* it also showed the same
timeout behaviour.

So, my guess is that the original patch for CVE-2021-43400 is
triggering this timeout on the WriteValue.

If needed I can provide more information or get additional results.

* https://git.kernel.org/pub/scm/bluetooth/bluez.git/patch/?id=838c0dc7641e1c991c0f3027bf94bee4606012f8

Thanks,
Ulisses Costa.
